{"id":13232,"date":"2025-12-16T10:53:56","date_gmt":"2025-12-16T05:23:56","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13232"},"modified":"2025-12-16T10:53:59","modified_gmt":"2025-12-16T05:23:59","slug":"se-firewalld-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/se-firewalld-on-linux","title":{"rendered":"How to Use FirewallD on Linux Server 2026? &#8211; (Step by Step Install &amp; Enable FirewallD Guide)"},"content":{"rendered":"\n<p><strong>FirewallD is a dynamic firewall manager for Linux<\/strong> that lets you control network traffic with zones, services, and rich rules without disconnecting current sessions. <\/p>\n\n\n\n<p>To use FirewallD on a Linux server, install it, enable the service, choose a default zone, allow required services or ports, then reload to persist rules across reboots. Learning how to use FirewallD on a Linux server is one of the <strong>fastest ways to improve your security<\/strong> posture. <\/p>\n\n\n\n<p>In this beginner friendly guide, I\u2019ll show you how to install, configure, and manage <strong>FirewallD using practical commands<\/strong> and real world examples, plus production ready best practices we use on managed servers at YouStable.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-firewalld-and-why-use-it\"><strong>What is FirewallD (and why use it)?<\/strong><\/h2>\n\n\n\n<p>FirewallD is a daemon that manages firewall rules dynamically via zones and services. Under the hood it uses nftables on modern distros <strong>(or iptables on older ones)<\/strong>. <\/p>\n\n\n\n<p>Unlike static firewall tools, FirewallD updates rules without dropping connections, integrates with system services via D-Bus, and offers granular \u201crich rules\u201d for advanced control.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-supported-linux-distributions\"><strong>Prerequisites and Supported Linux Distributions<\/strong><\/h2>\n\n\n\n<p>FirewallD is available on RHEL 8\/9, CentOS Stream, AlmaLinux, Rocky Linux, Fedora, openSUSE, and Ubuntu\/Debian. <\/p>\n\n\n\n<p>You\u2019ll need sudo or root <a href=\"https:\/\/www.youstable.com\/blog\/ssh-keys-vs-password-authentication\/\"><strong>access and SSH to your server<\/strong><\/a>. If you\u2019re in a cloud (AWS, Azure, GCP), ensure your provider\u2019s security groups or network ACLs also allow the same ports you open locally.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-firewalld\"><strong>Install and Enable FirewallD<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rhel-centos-stream-almalinux-rocky-fedora\"><strong>RHEL, CentOS Stream, AlmaLinux, Rocky, Fedora<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y firewalld\n# For CentOS 7 or very old systems: sudo yum install -y firewalld\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state    # should print: running\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-and-debian\"><strong>Ubuntu and Debian<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y firewalld\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state\n<\/code><\/pre>\n\n\n\n<p><strong>Tip:<\/strong> If you used UFW before, disable it to avoid conflicts:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw disable\nsudo systemctl stop ufw\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"understanding-zones-and-services\"><strong>Understanding Zones and Services<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"zones-in-firewalld\"><strong>Zones in FirewallD<\/strong><\/h3>\n\n\n\n<p>Zones represent trust levels for network connections. You assign interfaces (eth0, ens3) or source IP ranges to zones, then allow services\/ports in those zones. Common zones include: drop, block, public, external, internal, dmz, home, work, trusted. The default is usually \u201cpublic\u201d on servers.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --get-default-zone\nsudo firewall-cmd --get-active-zones\nsudo firewall-cmd --list-all --zone=public\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-services\"><strong>FirewallD Services<\/strong><\/h3>\n\n\n\n<p>Services are predefined rules (like http, https, ssh, dns) that include the required ports and protocols. They live in \/usr\/lib\/firewalld\/services\/ (system-level) and \/etc\/firewalld\/services\/ (custom). Use them where possible instead of remembering <a href=\"https:\/\/www.youstable.com\/blog\/webmail-port-numbers\/\">port numbers<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --get-services\nsudo firewall-cmd --info-service=http\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-commands-youll-use-daily\"><strong>FirewallD Commands You\u2019ll Use Daily<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/how-to-configure-firewalld-on-linux\/\">FirewallD has two configurations:<\/a> runtime (temporary) and permanent (persist after reboot). Add &#8211;permanent to save, then reload.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Set the default zone\nsudo firewall-cmd --set-default-zone=public\n\n# Allow a service\nsudo firewall-cmd --add-service=http --permanent\nsudo firewall-cmd --reload\n\n# Allow a port (single or range)\nsudo firewall-cmd --add-port=8080\/tcp --permanent\nsudo firewall-cmd --add-port=30000-30100\/tcp --permanent\nsudo firewall-cmd --reload\n\n# Remove access\nsudo firewall-cmd --remove-service=http --permanent\nsudo firewall-cmd --remove-port=8080\/tcp --permanent\nsudo firewall-cmd --reload\n\n# List current rules\nsudo firewall-cmd --list-all\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"a-secure-by-default-setup-step-by-step\"><strong>A Secure-By-Default Setup (Step-by-Step)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confirm your <a href=\"https:\/\/www.youstable.com\/blog\/how-to-enable-ssh-access-for-clients-or-users\/\">SSH access<\/a> works on the correct port and from your IP.<\/li>\n\n\n\n<li>Set the default zone to public and bind your interface to it.<\/li>\n\n\n\n<li>Allow only the minimum services needed (ssh, http\/https, database if required).<\/li>\n\n\n\n<li>Enable logging for denied packets while testing.<\/li>\n\n\n\n<li>Reload and verify connectivity.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Bind interface and restrict to minimal services\nsudo firewall-cmd --zone=public --change-interface=eth0 --permanent\nsudo firewall-cmd --zone=public --add-service=ssh --permanent\nsudo firewall-cmd --zone=public --add-service=http --permanent\nsudo firewall-cmd --zone=public --add-service=https --permanent\n\n# (Optional) Log denied packets during audits\nsudo firewall-cmd --set-log-denied=all\n\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all --zone=public\n<\/code><\/pre>\n\n\n\n<p>If SSH runs on a non-standard port, allow it explicitly and ensure SELinux allows that port (RHEL-family):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow custom SSH port 2222\nsudo firewall-cmd --add-port=2222\/tcp --permanent\nsudo firewall-cmd --reload\n\n# SELinux context for custom SSH port (RHEL\/Alma\/Rocky)\nsudo semanage port -a -t ssh_port_t -p tcp 2222\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"managing-ports-and-services\"><strong>Managing Ports and Services<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-allow-rules\"><strong>Common Allow Rules<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Web\nsudo firewall-cmd --add-service=http --permanent\nsudo firewall-cmd --add-service=https --permanent\n\n# SSH\nsudo firewall-cmd --add-service=ssh --permanent\n\n# DNS, SMTP, MariaDB (use only if needed and secure access)\nsudo firewall-cmd --add-service=dns --permanent\nsudo firewall-cmd --add-service=smtp --permanent\nsudo firewall-cmd --add-service=mysql --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"port-ranges-and-protocols\"><strong>Port Ranges and Protocols<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># TCP\/UDP toggle\nsudo firewall-cmd --add-port=1194\/udp --permanent\n\n# Port range (e.g., passive FTP or game servers)\nsudo firewall-cmd --add-port=50000-50100\/tcp --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"removing-unnecessary-access\"><strong>Removing Unnecessary Access<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --remove-service=mysql --permanent\nsudo firewall-cmd --remove-port=50000-50100\/tcp --permanent\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"granular-control-with-rich-rules\"><strong>Granular Control with Rich Rules<\/strong><\/h3>\n\n\n\n<p>Rich rules offer advanced matching, source restrictions, logging, and rate limiting. Use them to lock management ports to trusted IPs or subnets.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow SSH only from a single IP\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\nsource address=\"203.0.113.10\" service name=\"ssh\" accept' --permanent\n\n# Allow SSH from a subnet with rate limiting\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\nsource address=\"203.0.113.0\/24\" service name=\"ssh\" \\\nlimit value=\"15\/m\" accept' --permanent\n\n# Log &amp; drop everything else hitting SSH (example)\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\nservice name=\"ssh\" log prefix=\"FW-SSH \" level=\"info\" limit value=\"5\/m\"' --permanent\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\nservice name=\"ssh\" drop' --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"zones-for-multi-nic-or-multi-tenant-servers\"><strong>Zones for Multi-NIC or Multi-Tenant Servers<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"assign-interfaces-to-zones\"><strong>Assign Interfaces to Zones<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Public-facing NIC\nsudo firewall-cmd --zone=public --change-interface=eth0 --permanent\n\n# Internal\/private NIC\nsudo firewall-cmd --zone=internal --change-interface=eth1 --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"source-based-zones\"><strong>Source-Based Zones<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Treat a trusted office subnet as \"trusted\"\nsudo firewall-cmd --zone=trusted --add-source=10.0.10.0\/24 --permanent\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<p>With this model, your public zone can expose only web ports, while internal or trusted zones can allow SSH or database access from specific private ranges.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"masquerading-nat-and-port-forwarding\"><strong>Masquerading, NAT, and Port Forwarding<\/strong><\/h2>\n\n\n\n<p>For edge servers or gateways, you can NAT outbound traffic and forward ports internally using FirewallD.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable NAT (masquerading) on the external zone\nsudo firewall-cmd --zone=public --add-masquerade --permanent\n\n# Forward external port 80 to local 8080\nsudo firewall-cmd --zone=public \\\n--add-forward-port=port=80:proto=tcp:toport=8080 --permanent\n\n# Forward 443 to an internal host\nsudo firewall-cmd --zone=public \\\n--add-forward-port=port=443:proto=tcp:toaddr=10.0.0.10 --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<p>Ensure kernel IP forwarding is enabled for routing scenarios and review cloud provider firewall rules to avoid conflicts or double-NAT surprises.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ipv6-considerations\"><strong>IPv6 Considerations<\/strong><\/h2>\n\n\n\n<p>FirewallD applies most rules to both IPv4 and IPv6 by default. If your server has AAAA DNS records or global IPv6 addresses, confirm your policies with tests over IPv6 and consider rich rules that include family=&#8221;ipv6&#8243; when restricting sources.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"testing-and-troubleshooting\"><strong>Testing and Troubleshooting<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Validate configuration syntax\nsudo firewall-cmd --check-config\n\n# See zones and rules\nsudo firewall-cmd --get-active-zones\nsudo firewall-cmd --list-all --zone=public\n\n# Save runtime rules to permanent\nsudo firewall-cmd --runtime-to-permanent\n\n# Inspect logs and denied packets\njournalctl -u firewalld --since \"1 hour ago\"\nsudo firewall-cmd --set-log-denied=all  # during troubleshooting\n\n# Cross-check with sockets and nftables\nsudo ss -tulpen\nsudo nft list ruleset\n<\/code><\/pre>\n\n\n\n<p>If you lose SSH access during testing, use your cloud\/VPS console to revert changes or temporarily allow the necessary port and IP from the provider panel.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-vs-iptables-vs-ufw\"><strong>FirewallD vs. iptables vs. UFW<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FirewallD:<\/strong> Dynamic updates, zone-based model, service awareness, rich rules, integrates with system tools. Best for RHEL\/Fedora families and multi-zone servers.<\/li>\n\n\n\n<li><strong>iptables (legacy):<\/strong> Powerful but lower-level and static. Easy to lock yourself out; superseded by nftables on many distros.<\/li>\n\n\n\n<li><strong>UFW:<\/strong> Simple allow\/deny syntax on Ubuntu; great for single-zone setups, fewer advanced features than FirewallD\u2019s rich rules\/zones.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"production-best-practices\"><strong>Production Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Principle of least privilege:<\/strong> open only what you must.<\/li>\n\n\n\n<li>Restrict SSH with rich rules to known IPs; consider key-only auth and rate limits.<\/li>\n\n\n\n<li><strong>Separate zones:<\/strong> public for web, internal\/trusted for admin and database access.<\/li>\n\n\n\n<li>Document every rule; use configuration management (Ansible) to version policies.<\/li>\n\n\n\n<li>Avoid mixing manual nft rules with FirewallD; let one tool own the firewall.<\/li>\n\n\n\n<li>Test changes in runtime first; then commit to &#8211;permanent and reload.<\/li>\n\n\n\n<li>Enable denial logging during audits, then revert to reduce noise.<\/li>\n\n\n\n<li>Review <a href=\"https:\/\/www.youstable.com\/blog\/tally-on-cloud-vs-local-installation\/\">cloud security groups and load balancers alongside local<\/a> rules.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765796337471\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-firewalld-better-than-iptables-for-servers\"><strong>Is FirewallD better than iptables for servers?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For most modern servers, yes. FirewallD offers dynamic updates, zone-based policies, and service definitions, reducing mistakes and downtime. It uses nftables by default on newer distros and keeps rules consistent across reboots with &#8211;permanent and reload mechanics.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765796346156\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-open-a-port-in-firewalld\"><strong>How do I open a port in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use add-port with protocol and make it permanent, then reload:<br \/><code>sudo firewall-cmd --add-port=8080\/tcp --permanent<br \/>sudo firewall-cmd --reload<\/code><\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765796365212\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-is-the-difference-between-runtime-and-permanent-in-firewalld\"><strong>What is the difference between runtime and permanent in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Runtime rules apply immediately but vanish on restart. Permanent rules persist across reboots but require reload to take effect. You can test changes at runtime first, then save with &#8211;runtime-to-permanent or re-run with &#8211;permanent and reload.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765796383096\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-allow-a-service-only-from-one-ip\"><strong>How do I allow a service only from one IP?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use a rich rule targeting the service and source IP:<br \/><code>sudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\<br \/>source address=\"203.0.113.10\" service name=\"ssh\" accept' --permanent<br \/>sudo firewall-cmd --reload<\/code><\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765796396827\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-firewalld-work-with-ipv6\"><strong>Does FirewallD work with IPv6?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Most service and port rules apply to both IPv4 and IPv6 automatically. For strict controls, use rich rules with family=&#8221;ipv6&#8243; and test connectivity over IPv6 to verify your policy behaves as expected.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"conclusion\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>Mastering FirewallD on Linux is straightforward once you understand zones, services, and the runtime\/permanent workflow. Start minimal, test carefully, and layer rich rules for precision. If you prefer expert, hands off security hardening, <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\"><strong>YouStable\u2019s managed hosting<\/strong><\/a> team can design and maintain a robust FirewallD policy tailored to your workloads.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FirewallD is a dynamic firewall manager for Linux that lets you control network traffic with zones, services, and rich rules [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13774,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"iawp_total_views":3,"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13232","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-FirewallD-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13232"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13232\/revisions"}],"predecessor-version":[{"id":13775,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13232\/revisions\/13775"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13774"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}